> > > If a signature has an rsf= tag, verifiers ignore it unless there's a
> > > matching signature from a domain the rsf= points to.
> > >
> > > This is not backward compatible, since verifiers that don't understand
> > > rsf= will often get the wrong answer, so it needs a version bump.
> >
> >Can't both the version bump issue and the token signature issue be
> >ameliorated by incorporating the token signature in the DKIM-Delegate
> >field?
> Yes, you could do the equivalent of the version bump by changing the
> name of the header, but I don't see the point.
If you're going to bump the version, you need to use the opportunity to
solve the more general underlying problem.
I'm not sure I can completely characterize that problem, but it's something
along the times of there need to be some way to state the intention behind this
particular signature. Is this a signature tied to use by third parties?
Whitelisting? Something else?
Ned
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
